Showing results for 
Search instead for 
Did you mean: 

We welcome your ideas on how we can help improve our documentation and merchant integration services and features. We can't guarantee that ideas will be implemented but your ideas and kudos on ideas will give us valuable insights and feedback we can showcase to our product and developer teams.

By submitting an idea you agree to the PayPal Community Help Forum Agreement and specifically the sections pertaining to user submitted feedback and content.

Include if Buyer has used 2-factor to approve payment.

Include if Buyer has used 2-factor to approve payment.

Since the rise of fraud coming from PayPal buyers is getting critical... you need to start supplying more information in the GET orders details after a Buyer approves the payment through the PayPal terminal. So Merchants can decide the risk factor if that so-called-buyer is the real owner of the PayPal account, or some hacker.


Your current process: 

  • Merchant site presents cart and button to pay using PayPal.
  • User clicks PayPal button to pay.
  • User is directed to PayPal (now entirely out of Merchants hands).
  • User falsely logs into someone else's paypal account (to commit fraud).
  • User 'confirms' the payment and is directed back to merchant site.
  • At this point Merchant gets order details via API, and only receives a buyer name/email.... very little to go on for score detection.
  • After merchant captures funds, later down the line the REAL owner of the paypal account files a chargeback dispute and costs the merchant time and money.

This cycle then goes on and on because so many paypal accounts are being hacked in on a daily basis because most paypal accounts do not have 2-factor enabled to protect them from such intrusions and false payment authorizations.


So, as a helpful bit of information, it would be nice if the API returned in the payer(object) wether or not that user had successfully gone through 2-factor or not to authorize the payment. A simple API return field of:

    valid_2factor (bool)